Re: [patch 0/15] lsm stacking v0.3: intro
Date: Sat Jul 30 2005 - 14:14:50 EST
Quoting Tony Jones (tonyj@xxxxxxxxxxx):
Thanks, Tony. I'll address each of these in the next patchset. Just
two things I wanted to actually converse about:
> 5) /*
> * Workarounds for the fact that get and setprocattr are used only by
> * selinux. (Maybe)
> No complaints on selinux getting to avoid the (module), they are intree.
> Just a FYI that SubDomain/AppArmor uses these hooks also.
And is it ok with using the "some_data (apparmor)" convention?
The special handling of selinux is intended to be temporary, due to the
large base of installed userspace which hasn't yet been updated. I
would imagine that at some point that code would go away.
> I noticed the conditional CONFIG_SECURITY_STACKER code went away, previously
> it would look at the value chain head only for the !case. But this comment
> still remains.
Yes, after I added the unlink function, it started to seem that the
special cases for !CONFIG_SECURITY_STACKER wouldn't be any faster than
the stacker versions. They still might be, but I'll have to think about
it. If I just ditch those, then I can probably ditch the whole
security-stack.h file, and move those declarations into security.h.
They were just in their own file because Stephen had pointed out that
switching between stacker and non-stacker would cause too much code to
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/